KW 23: Kaspersky warns of Mimikatz malware, Hackers blackmail Stadler Rail, Federal authorities warn of hacking critical infrastructure


Kaspersky warns of Mimikatz malware: Kaspersky experts have identified a series of targeted attacks on organizations located in different countries. As of early May 2020, there are known cases of attacks on systems in Japan, Italy, Germany and the UK. Attack victims include suppliers of equipment and software for industrial enterprises. Attackers use malicious Microsoft Office documents, PowerShell scripts, as well as various techniques that make it difficult to detect and analyze malware.

Hackers blackmail Stadler Rail: The international rail vehicle manufacturer Stadler has disclosed a security breach that may also have allowed the attackers to steal company data. The company revealed that the intruders demanded a large sum of money and are attempting to blackmail Stadler by threatening to release the stolen data. The rail vehicle manufacturer is investigating the incident with the help of external security experts. Stadler did not pay the ransom and has resumed operations by restoring its backups.

Federal authorities warn of hacking critical infrastructure: A Kremlin-linked hacking group has continued its long-running efforts to target German companies in the energy, water and power sectors, according to a confidential German government advisory obtained by “CyberScoop”. Investigators earlier this year uncovered evidence of the hackers’ longstanding compromises at unnamed German companies, according to the memo that German intelligence and security agencies sent last week to operators of critical infrastructure. The hacking group — dubbed Berserk Bear and suspected by some industry analysts of operating on behalf of Russia’s FSB intelligence agency — has been using the supply chain to access the German companies’ IT systems, said the alert from the BSI, BND, and BfV federal agencies.

Anonymous joins #BlackLivesMatter movement: Accounts associated with the activist group Anonymous are sharing their support for the ongoing protests after the death of George Floyd in the United States. A range of posts offering support for the protests and using the Anonymous name have spread across social media. The websites of the Minneapolis police department and the city both went offline over the weekend, though it is not clear who was behind those attacks and whether they are definitively associated with activist groups. One Facebook video, which has been viewed millions of times, includes a person wearing a Guy Fawkes mask and a hoodie in the look that has come to be associated with the group. It expresses sympathy with the protesters and suggests that supporters will pursue publicity campaigns to release further information.

NSA warns of attacks on Exim vulnerability: The Russia-linked APT group Sandworm has been spotted exploiting a vulnerability in the internet’s top email server software, according to the National Security Agency (NSA). The NSA this week released a cybersecurity advisory on new exploit activity from Unit 74455 of the GRU Main Center for Special Technologies (GTsST), a division of the Russian military intelligence service, a.k.a. Sandworm, a.k.a. BlackEnergy. The APT has been linked to the Industroyer attack on the Ukrainian power grid as well as the infamous NotPetya attacks. According to Kaspersky, the group is part of a nexus of related APTs that also includes a recently discovered group called Zebrocy.



A single hacker hacked 4,280 websites over a period of seven years – not for money, but out of ambition. His goal was to break the 5000 website mark.


MS Office and Windows most popular targets for hacking attacks: In cooperation with the FBI, the Cybersecurity & Infrastructure Security Agency has published the ten security vulnerabilities most popular with hackers. Microsoft Windows and the Office package were far ahead of all others. A particular problem is that administrators do not patch their operating systems regularly – this leaves more entry points open to cybercriminals.

Home office makes things easier for hackers: The digital association Eco explains that hackers are more successful when employees work from home, because employees click on phishing emails up to three times as often as they do in the office. This lets malware into the digital infrastructure and could even enable hackers to blackmail companies with ransomware. Hackers are also increasingly cloning websites through which they distribute malware – including the Johns Hopkins University dashboard for tracking the coronavirus pandemic.


“Don’t just click, always exercise a healthy dose of distrust.”
IT forensic expert Karsten Zimmer warns internet users of carelessness online.


$100 million for “good” hackers: HackerOne, the number one hacker-powered security platform, has announced that hackers have earned $100 Million in bug bounties by hacking for good on the HackerOne platform. A bounty — or bug bounty — is a monetary award given to a hacker who finds and reports a valid security weakness to an organization so it can be safely resolved. With nearly half of bounty earnings awarded in the past year alone, this record-breaking milestone showcases how the world’s largest hacker community is addressing the growing security needs of our increasingly interconnected society.
